Troubles to make SSO work

Armin Braunstein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 1, 2018

Hi!

I can not make SSO with crowd working. I have set up SSO, as desribed in the articles for Jira and Confluence, but can not make it work.

If I log in to Jira with a Crowd User and then change to Confluence I have to log in again.
I have checked the cookies. The Crowd Cookie seems to be there, like you can see here:

Cookie.png

This cookie somehow seems to be ignored on my Jira, Confluence and crowd.

The urls I have set up for Jira, Confluence and Crowd are:
https://jira.braunstein-web.com/
https://confluence.braunstein-web.com/
https://crowd.braunstein-web.com:8096/crowd/

So they all are sharing the braunstein-web.com domain.

The crowd directory for Jira and Confluence is set up correctly with the above url and is working. Just Single Sign On does not work.

The username I use is "armin". This user is inside the groups "jira-administrators", "jira-users", "confluence-administrators", "confluence-users", "crowd-administrators".

On Jira I am using the SSOSeraphAuthenticator, on Confluence the ConfluenceCrowdSSOAuthenticator.

I also tried to switch off the "Require consistent client IP address", but also did not help.

Please find the debugging log of crowd here:

http://greentacarcuna.com/files/atlassian-crowd.log

4 answers

0 votes
Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 8, 2018

Hi @Armin Braunstein,

 

Please accept our apologies for not reacting earlier on your request.

As I understand you problem is that you have:

  • Jira
  • Confluence
  • Crowd

set in the same domain.

All of them have the same user directories configured in Crowd (so Jira and Confluence have same ldap or internal directories in the same order configured inside Crowd application).

You have configured seraph.xml files in both Jira and Confluence to use SSO authentication with Crowd (also the crowd.properties files in those applications properly points to Crowd).

When you log in to Jira and then navigate to Confluence you need to login again as the session is not automatically authenticated.

The crowd.token_key cookie is properly set on that domain.

Is that a fair summary of your issue?

 

I had a look at your log file, and it looks like there are errors indicating that password did not match. Would it be possible that the directories are not configured in different order for those applications?

In order to investigate this issue further please provide har file of you trying to login to those applications and support zips of all applications in your setup (those will include log files)

If possible I would suggest opening a support case, so that we could exchange files easily not exposing any sensitive data if that is not possible due to licensing restrictions please send us those files at mkempa@atlassian.com and we will try to help you with that.

Best Regards,

Marcin Kempa

0 votes
Marek Radochonski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 7, 2018

@Armin Cheng I am sorry for my late reply but we must have missed your post earlier. Is this problem still occurring?

Armin Cheng
Contributor
December 7, 2018

Hi Marek! Yes, I still was not able to solve the problem. 

Marek Radochonski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 7, 2018

Ok thanks @Armin Cheng for your quick answer. I wanted also to thank you for buying Crowd and let you know that we are working on improvements of SSO. The current functionality of course should work for you properly so we will look into that and let you know. 

@Marcin Kempa can you please advice something here?

0 votes
Armin Cheng
Contributor
November 13, 2018

If that is how Atlassian is caring about issues of customers, then I maybe better should not use Jira if my company grows bigger..

I bought crowd actually only for having SSO, and now I can not use it, even, at least it seems, the configuration is done correctly.

I know it's only the "community support", but in the community support description it's written, that, if no answer comes from the community, Atlassian members will care about. But so far no reaction from Atlassian. The bigger licenses would really cost not so less money, that makes a bit worry if it will be also like that, if I need a higher license..

0 votes
Armin Cheng
Contributor
November 10, 2018

Is there really no possible solution for this?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events